Date:      Fri, 02 May 2014 12:42:23 -0700
From:      "Ronald F. Guilmette" <rfg@tristatelogic.com>
To:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-14:08.tcp
Message-ID:  <3867.1399059743@server1.tristatelogic.com>
In-Reply-To: <CAABACD8BCAE7B4B8A7906EEDC9DEBC5024EFDCD@IAD-WPRD-XCHB01.corp.verio.net>


In message <CAABACD8BCAE7B4B8A7906EEDC9DEBC5024EFDCD@IAD-WPRD-XCHB01.corp.verio.net>,
"David DeSimone" <ddesimone@verio.net> wrote:

>Are you perhaps confusing IP Fragment Reassembly with the similar but
>unrelated TCP Segment Reassembly?

That's entirely possible.  I have near zero experience with or understanding
of either of these types of packet fragmentation.

>My understanding is that TCP stacks normally try very hard not to
>generate IP fragments in a TCP stream.
>
>It appears that this bug report relates only to TCP Reassembly, and has
>nothing to do with IP Fragments.  But perhaps I am misreading it?

OK, so how would one block all incoming *TCP* fragments... you know...
in order to render this specific security issue a non-issue?  (I personally
am already blocking inbound IP fragments via ipfw.)



